pub struct SafeBag {
    pub certificate: Bytes,
    pub encrypted_key: Bytes,
}
A decoded SafeBag — the certificate Data wire bytes and the password-encrypted PKCS#8 private key DER.
Fields
certificate: Bytes
Full wire-encoded certificate Data packet (TLV starting at type 0x06). Opaque to SafeBag itself; the caller hands this to the PIB or a Data decoder.
encrypted_key: Bytes
EncryptedPrivateKeyInfo DER per RFC 5958 / PKCS#8. Use
SafeBag::decrypt_key with the export password to recover
the unencrypted PKCS#8 PrivateKeyInfo.
Implementations
impl SafeBag
pub fn encode(&self) -> Bytes
Encode the SafeBag to its TLV wire form. Output starts with
0x80 and is suitable for writing to a file or passing to
ndnsec import.
pub fn decode(wire: &[u8]) -> Result<Self, SafeBagError>
Decode a SafeBag from its TLV wire form. Tolerates trailing bytes after the outer SafeBag TLV (per the TLV spec, anything after the encoded length is the next packet).
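The framing that decode describes, shown as an added std-only example that is not this crate's code: it bounds-checks every declared length, ignores bytes after the outer TLV, and returns the certificate with its TLV header intact. The function names read_varnum, read_tlv and split_safebag are hypothetical, and the 0x81 type for the encrypted-key element is an assumption taken from the ndn-cxx SafeBag format, not from this page.

```rust
// Added illustration (std only), not the crate's implementation.
// Assumption: the encrypted key sits in a TLV of type 0x81, as in ndn-cxx.
const T_SAFEBAG: u64 = 0x80;
const T_DATA: u64 = 0x06;
const T_ENCRYPTED_KEY: u64 = 0x81; // assumed, not stated on this page

/// Read one NDN TLV variable-length number: (value, bytes consumed).
fn read_varnum(buf: &[u8]) -> Option<(u64, usize)> {
    let first = *buf.first()?;
    let width = match first {
        0xFD => 2,
        0xFE => 4,
        0xFF => 8,
        _ => return Some((first as u64, 1)),
    };
    let bytes = buf.get(1..1 + width)?; // None if the number is truncated
    Some((bytes.iter().fold(0u64, |acc, b| (acc << 8) | *b as u64), 1 + width))
}

/// Read one TLV: (type, value, bytes remaining after this TLV).
fn read_tlv(buf: &[u8]) -> Option<(u64, &[u8], &[u8])> {
    let (typ, n1) = read_varnum(buf)?;
    let (len, n2) = read_varnum(&buf[n1..])?;
    let start = n1 + n2;
    if len > (buf.len() - start) as u64 {
        return None; // declared length overruns the input
    }
    let end = start + len as usize;
    Some((typ, &buf[start..end], &buf[end..]))
}

/// Split SafeBag wire bytes into (full certificate Data TLV, encrypted key DER).
fn split_safebag(wire: &[u8]) -> Option<(&[u8], &[u8])> {
    let (typ, body, _next_packet) = read_tlv(wire)?; // trailing bytes ignored
    let (cert_typ, _, after_cert) = read_tlv(body)?;
    let cert_wire = &body[..body.len() - after_cert.len()]; // header included
    let (key_typ, key, rest) = read_tlv(after_cert)?;
    if typ != T_SAFEBAG || cert_typ != T_DATA || key_typ != T_ENCRYPTED_KEY || !rest.is_empty() {
        return None;
    }
    Some((cert_wire, key))
}

fn main() {
    // Constructed sample: placeholder bytes, not a real certificate or key.
    let wire = [0x80u8, 0x09, 0x06, 0x02, 0xAA, 0xBB, 0x81, 0x03, 0x30, 0x01, 0x00, 0xDE, 0xAD];
    let (cert, key) = split_safebag(&wire).expect("well-formed SafeBag");
    println!("certificate TLV {:02x?}, encrypted key DER {:02x?}", cert, key);
    println!("truncated input rejected: {}", split_safebag(&wire[..8]).is_none());
}
```

Rejecting anything after the key element inside the SafeBag is a choice made in this example; whether the crate's decode is equally strict is not stated on this page.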
pub fn encrypt(
    certificate: Bytes,
    pkcs8_pki_der: &[u8],
    password: &[u8],
) -> Result<Self, SafeBagError>
Build a SafeBag by encrypting an unencrypted PKCS#8
PrivateKeyInfo DER with password. Uses the RustCrypto
pkcs8 crate’s default PBES2 parameters: PBKDF2-HMAC-SHA256
with a random 16-byte salt and AES-256-CBC with a random IV.
These match the OpenSSL PKCS8_encrypt defaults that ndn-cxx
produces.
pub fn decrypt_key(&self, password: &[u8]) -> Result<Vec<u8>, SafeBagError>
Decrypt the SafeBag’s encrypted private key with password,
returning the unencrypted PKCS#8 PrivateKeyInfo DER. The
caller dispatches on the embedded algorithm OID.